Protect Your Business From Domain Hijacking

Protect Your Business From Domain Hijacking

The internet remains as one of the most indispensable marketing tools for businesses, and a domain name is a valuable intellectual property. However, its convenience can often cause it to be susceptible to being altered by malicious intent. Domain hijacking is one of the most relevant examples for this in our digital world. This article will help you understand what domain hijacking is and will take you through the different steps that should be taken to help you to protect yourself from the crime.

What is a ‘domain name’?

A domain name refers to a website address purchased from a Domain Registrar or from a hosting provider which provides the purchaser access to settings that control the domain usually for a fee. It allows websites to uniquely distinguish itself from other website sources. For example, ‘etheringtons.com.au’ is the domain name of Etheringtons Solicitors and allows our clients and broader community to easily identify our website and our services.

Domain names in Australia can be registered through the .au Domain Administration Registry. Before you can register the domain name that will appear on your website, you have to ensure that:

  • Your domain name is available (meaning it is unique); and
  • You have a valid Australian Company Number (ACN) or valid Australian Business Number (ABN).

What is domain hijacking?

Domain hijacking, also known as domain theft, is the act of changing the registration of a domain name without the permission of its rightful owner. This unauthorised type of cyber-attack causes web-addresses of organisations to be stolen without that organisation’s consent, predominantly through identity theft measures or phishing emails. This allows the hijacker to alter account information and redirect online traffic to their own websites, which often are linked with the sale of counterfeit goods or black market operations. Therefore, losing access to your domain can be extremely detrimental to a business, especially those that run predominately e-commerce operations, as a domain name forms an important aspect of intangible property.

Recovering a hijacked domain name

If you are concerned that your domain name has been illegally hijacked, there are a number of actions you can take. These include:

  • Confirming if the domain name was hijacked: if your domain name does not open to your website, it is easy to assume that somebody has hijacked the domain name. However, there are a number of reasons why a website may not appear, such as the domain owner failing to renew the domain name before expiry, or technical issues with the website hosting.
  • Check your computer for malware, viruses and update security credentials.
  • Getting in touch with your domain registrar: For example, the .au Domain Administration Registry can be contacted online through a general inquiry form.
  • Checking the WHOIS records on the domain to determine who owns the domain name and if ownership has changed.
  • Seeking legal advice and contacting a dispute resolution provider: Solicitors can launch a complaint on your behalf with the AU Dispute Resolution Policy (AUDRP) or Uniform Dispute Resolution Policy. These are specialised bodies which are tailored to handle domain disputes and complaints in a cheaper and more efficient way than litigation.

What steps can you take to protect yourself and your business?

There are a few precautionary steps that you can take to prevent your domain name from being susceptible to hijacking or other illegal activity. These include:

  • Registering the domain name for an extended period and setting renewal reminders;
  • Increase the security by locking the domain name so it cannot be transferred without a password. For example, the AusRegistry or database for domains ending in .com.au, has a security measure called .auLOCKDOWN which allows owners to lock their domain name records and prevent unauthorised changes; and
  • Always using multi factor authentication to protect your accounts.

How Etherington Solicitors can help

A solicitor at Etheringtons Solicitors can provide clarification of the relevant law in relation to your individual circumstances. If you need further advice or assistance with domain hijacking or other business law matters, please contact one of our experienced solicitors on (02) 9963 9800 or via our contact form.

Who owns the emails you send at work?

Who owns the emails you send at work?

Workplace surveillance and email monitoring have become the norm in organisations across Australia. However, many employees still do not understand their obligations or their rights when it comes to the use of computer technology in the workplace. Another issue arising out of the use of digital communication in the workplace is who owns correspondence that is sent from a work address?

The tension between an employee’s privacy and any potential restraint of trade conditions or copyright issues continue to be a source of contention in employment law, causing confusion for both parties. This blog will provide an overview regarding the law surrounding privacy and workplace surveillance, however if you are affected by this issue it is important to seek out legal advice.

Workplace Surveillance

The Workplace Surveillance Act 2005 (NSW) provides that a policy must be in place for an employer to undertake workplace computer surveillance. Employees must be given notice of that policy. Commonly, employers include a notice of surveillance in a new employee’s contract. However, if employers are introducing computer surveillance into the workplace they must provide employees at least 14 days written notice.

Under the Act the notice must include:

  • the kind of surveillance to be carried out (i.e. computer, camera or tracking surveillance)
  • how the surveillance will be carried out
  • when the surveillance will start
  • whether the surveillance will be continuous or intermittent; and
  • whether the surveillance will be for a specified limited period or ongoing.

What does the Privacy Act 1988 say?

The Privacy Act 1988 (Cth) is the national legislative body for regulating the handling of personal information by government agencies and organisations. The Australian Privacy Principles (APP) are enshrined in this Act, specially Principle 12, which states that if an APP entity (which includes Government agencies and private organizations) holds personal information about an individual, the entity must, on request, give the individual access to the information. It is worth noting that the Act itself does not distinctively cover surveillance in the workplace.  The employee records exemption under this Act provides an exemption to adherence to the APP for employers in certain circumstances. This means that employers are allowed to collect and store employee’s personal information if it is directly related to the employee-employer relationship, or if it forms part of an employee record.

However, employers should not assume that all the information they hold that relates to an individual employee would constitute an employee record. For example, the Office of the Australian Information Commissioner (OAIC) have given the example of financial correspondence received into an employee’s work email account. Whilst an employee’s bank details may fall within the meaning of ‘employee record’, the specific emails and their contents that an employee receives from their financial institution that is sent to their work email account, may not necessarily be part of an ‘employee record’ as it may not relate to the employment of the employee. Whether or not the content of emails sent or received by an employee forms part of their ‘employee record’ will always depend on the circumstances and you should seek advice regarding your particular case.

How do I know if my employer can view emails sent from my company email address?

If an employer has given notice that workplace emails are or can be placed under surveillance, then it is quite likely that your employer can view emails sent from your company email address. Most organisations have privacy and workplace surveillance policies that stipulate when and why your emails might be viewed by an employer.

If you are disputing your right to access to your personal emails on your work email accounts, the OAIC may have the jurisdiction to hear your complaint if you are arguing that the emails fall out of the employee record exemption prescribed in the Privacy Act. However, as mentioned previously, this is determined on a case by case basis and the law surrounding this area remains somewhat ambiguous. If you are unsure, it is best to seek legal advice. The team at Etheringtons Solicitors are skilled in employment law and are ready and willing to assist you with your enquiry.  If you would like further information, please do not hesitate to contact one of our experienced solicitors on 9963 9800 or via our contact form. For more articles, please see our blog here.

Are electronic signatures the new norm? COVID-19: Executing Contracts and Deeds.

Are electronic signatures the new norm? COVID-19: Executing Contracts and Deeds.

With increased safety precautions of social distancing and restricted business opening hours in place, many employees are working from home. One consequence is that many projects may stall if there is an inability to sign contracts that require renewal or documents to complete transactions. This raises the question of how company contracts can be signed remotely and what are the risks. Are electronic signatures a solution?

What is an electronic signature?

A broad definition is that it is a visible representation of a person’s name or mark, placed by a person in a communication or on a document to indicate their assent. This may range from a typed name of the sender, a scanned image of a handwritten signature or clicking “I agree”. Each has a varying level of security and encryption, which may be vulnerable to copying and tampering.

General agreements

Under common law, an agreement can be in electronic form and executed electronically. There is additional validation from the Electronic Transactions Act 2000 (NSW) if the signature complies with specific conditions relating to the identity of the person, reliability of the signing method, and consent of the person to whom the signature is given. The law does not provide guidance on how electronic and attestation of documents should take place, and there still remain circumstances in which parties and lawyers are unwilling to accept electronic signatures.

Execution of documents by companies – section 127 of the Corporations Act

There are specific requirements for companies signing agreements. Ordinarily, a common seal can be affixed to the document and be witnessed by two directors or one director and a secretary. It can be signed without a seal but again by two directors or one director and a secretary. In the current circumstances, there are ways to manage the risks surrounding electronic execution of company documents. The people requiring signatures should obtain evidence that the person signing the document is actually authorised to sign the document electronically. The parties should ensure that there are no limitations as to the mode of execution by checking the board minutes, corporate constitutions and powers of attorney, and ensuring that the ASIC records and the identities of the directors and secretaries are verified. Companies should consider appointing a power of attorney as a power of attorney can electronically execute agreements on behalf of a company.

Conveyancing contracts

The Conveyancing Act permits deeds to be created in electronic form, and to be electronically signed and attested. The Act also states that documents relating to land interests can be electronic and signed electronically. It is important to note that the operation of other requirements in the Conveyancing Act will continue to apply to contracts or deeds whether they are electronic or on paper. It is important that you obtain proper legal advice before you enter into a conveyancing contract.

Execution of deeds

The law is settled that a document can be witnessed electronically. This will only be valid if the witness was physically present at the time the electronic deed was electronically signed by the signatory and the witness electronically signed the same document at the same time as the signatory. Unfortunately, this means that attestation cannot be conducted by teleconference or signed at a later time, presenting the same logistical requirements as witnessing a paper document.

Conclusion

In the absence of clear authority, we recommend a conservative approach to minimise risk and prevent one or more parties from suffering loss. If a document can only be executed electronically, then try avoiding a deed and instead use an agreement because a deed does not require a consideration (payment) but an agreement does. Therefore, you can look at whether consideration has been given in order to determine validity of a document.

Further information

It is important to be fully aware of your obligations and options in your contractual arrangement during difficult times such as COVID-19. If you would like further information regarding the impact on your business or simply corporate and contract law advice, please do not hesitate to contact one of our experienced solicitors on 9963 9800 or via our contact page.

More information about COVID-19 can be found here: www.health.gov.au

 

Mobile Apps – Common Intellectual Property Disputes

Mobile Apps – Common Intellectual Property Disputes

Are you a mobile app developer or someone contracting with a developer to make mobile apps? Are you having issues as to who owns what when the work is done, or even before it is done? You are not alone. This article aims to set out briefly some of the common copyright disputes that arise, what the law says, and what the process is for resolving these sorts of disputes.

Common disputes about mobile apps

Increasingly these days, we are seeing more and more mobile applications (apps) being developed for many different purposes. From tax lodgment to payroll, to apps for finding a lawyer or the best restaurant, the possibilities are endless. Businesses in all sectors are attempting to provide goods and services differently, and mobile app developers are helping them do it.

Sometimes, issues may arise between developers and their clients as to who owns the underlying data while the app is being developed. A dispute might arise when the project is complete, and the client may withhold payment. Developing an app can take months and even years and often agents are involved between the client and the app developer. Clients might change their mind and decide to take a half finished app to another developer to finish the project. Clients may assert that the app, and the intellectual property therein, is theirs, and may even withhold payment to their developer until the app, typically the source code underlying it, is given to them so that the app can be taken to another (less expensive) developer to finish. But really, who ‘owns’ it?

What the law says

The first place to look for answers to this question is the Copyright Act 1968. Under section 10, a “computer program” is included in the definition of a “literary work”. Under section 32, copyright of a literary work is effective if it was made in Australia by a suitably qualified author, even if it has not been published yet. Under section 35, the author owns the work. Lastly, section 196 tells us that ownership of copyright can be assigned (‘passed on’) to someone else, but an agreement to do so must be in writing.

Case law gives us some guidance as to what happens if you don’t have a written agreement or if the agreement is silent or vague as to the ownership. They tell us that if a business client asks for the app (usually in the form of its source code) to be given to them, a term will be implied to allow this to happen. This is particularly the case where the business client is paying for the design and manufacture of the app, and where, objectively, there is no real expectation that the developer should retain the app/its source code for itself or for the benefit of a competitor of the business client.

Arguments may also be made that the app developer only has a license to the app, which essentially means that the proper owner is the business client, not the developer.

Beyond Copyright

What about after the project has finished and the invoice has been paid in full? Can ideas, formulas and know-how which the app developer gained while working on its client’s app be used elsewhere? For example, the intangible ideas, formulas and know-how gained from a tax lodgment app – can you use these when working for another client looking to develop another finance or accounting app? Can the client come back and sue the app developer for IP infringement?

Resolving your dispute

Both the Supreme Court of NSW and the Federal Court of Australia can hear disputes concerning intellectual property. The starting point is your agreement. Without a written agreement, the dispute resolution process can be both complex and expensive.

The best advice before starting work on a mobile app is to agree in writing who will own what when the work is done, and at various stages of the work’s development.

Seek Legal Advice

Whether you’re a business or an app developer, if you have having issues around your app and its creation, we can provide additional information and advice to you regarding your situation. If you would like to discuss your concerns with a legal professional please contact us on (02) 9963 9800 or at [email protected]

 

Online Copyright Infringement

Online Copyright Infringement

Social Media is Unavoidable

We’re confronted with social media in its various forms everyday. President Trump is endlessly tweeting and the person next to you on the bus is scrolling through Facebook. You may have even experienced the phone-focused pedestrian walking into you on the street. There are other social media forums such as Instagram for photo-centric posts, from beach trips to nightclub outings. The thing they all have in common is they involve posting content – text, photos and/or videos – which creates a risk of online copyright infringement.

What is Copyright?

Copyright is the right an author has over their own work. A ‘work’ can be written such as a book or article, or a piece of music, a painting, or a design such as an architectural drawing. The expression of the work is important in determining copyright, rather than the idea. For example, if you read a book about an historic event, you could also write a book about that event. Copyright would, however, prevent you from copying sections of the original book as your own. In the same way you cannot use someone else’s photo of a landmark without their permission, but you may take your own photo of that landmark to use online.

Furthermore, it’s important to note that copyright does not relate to an idea. If you come up with a novel idea, someone else could still write about that idea as long as they didn’t copy your explanation of it. To have the protection of copyright, the ‘work’ must be sufficiently distinctive in its expression.

Are You Infringing Copyright on Social Media?

On a commercial level, it’s commonplace for businesses to ask to be ‘liked’ or ‘followed’ on social media. To gain and maintain a social following you need to provide valuable content to your audience. If this content is not purely your own, you might be infringing copyright.

Let’s take images as an example. Because copyright can exist in photos, posting someone else’s photos without their permission on social media is likely to infringe copyright. The owner – usually the photographer – has copyright over the photos. Companies such as Getty Images and Shutterstock sell photos online. When you purchase an image from them, you are purchasing the right to use the image. Therefore to avoid infringing copyright online you should consider purchasing the rights to images, or taking your own photos.

The Consequences of Copyright Infringement

There are serious consequences if you are involved in copyright infringement. If you are posting on social media on behalf of your company, the ramifications can apply to both you and your employer. The owner of the content could sue you, leaving you liable for damages and legal costs. Your employer could terminate your employment, due to the reputation damage it has caused.

According to the 2017 Sensis Social Media Report, 79% of Australians are active on social media. If we look globally, there are 2.46 billion social media users according to Statista. Social media is so widespread that publishing content without permission may easily come to the attention of the copyright owner. Accordingly, you should keep copyright in mind if you are tempted to plagiarise a written piece or use an image or piece of music created by someone else.

Get in touch for copyright or social media advice for your situation.